Knowledge Base ISC Main Website Ask a Question/Contact ISC
BIND 8 Security Vulnerability Matrix
Author: Cathy Almond Reference Number: AA-00959 Views: 8970 Created: 2013-05-29 14:21 Last Updated: 2014-10-28 14:30 0 Rating/ Voters

This table summarizes the vulnerability to the bugs mentioned for all released versions of BIND 8 as of 2008.  BIND 8 may be vulnerable to any or all of the BIND CVEs released since.

BIND 8 is in "End of Life" status, which means that we recommend that you not use it. As you can see from the table below, BIND 8 is vulnerable to modern attacks. Please use a newer version.

The numbers listed in the first row are the CVE (Common Vulnerabilities and Exposure) references and are hyperlinked to the appropriate pages on the CVE website, and are also listed in a separate table below, with a short description.

ver/CVE 0 1 2 3 4 5 6 7 8 10 14 X
15 16 17 18 27 28 29
8.3.3                       +
8.3.2                     +
8.3.1                     +
8.3.0                     +
8.2.6                       +
8.2.5                     +
8.2.4                     +
8.2.3                     +
8.2.2         +
8.2.1   +
8.2.0   +


# CVE number short description
0 1999-0833 Buffer overflow via NXT records.
1 1999-0835 Denial of service via malformed SIG records.
2 1999-0837 Denial of service by improperly closing TCP sessions via so_linger.
3 1999-0848 Denial of service named via consuming more than "fdmax" file descriptors.
4 1999-0849 Denial of service via maxdname.
5 1999-0851 Denial of service via naptr.
6 2000-0887 Denial of service by compressed zone transfer (ZXFR) request.
7 2000-0888 Denial of service via SRV record.
8 2001-0010 Buffer overflow in TSIG code allows root privileges.
10 2001-0012 Ability to access sensitive information such as environment variables.
14 2002-0651 Buffer overflow in resolver code may cause a DoS and arbitrary code execution.
Buffer overflow responses with SIG RR
15 2002-1220 Denial of service via request for nonexistent subdomain using large OPT RR.
16 2002-1221 Denial of service via SIG RR elements with invalid expiry times.
17 2003-0914 Cache poisoning via negative responses with a large TTL value.
18 2005-0033 Buffer overflow in recursion and glue code allows denial of service.
27 2007-2930 cryptographically weak query ids (BIND 8)
28 2008-0122 inet_network() off-by-one buffer overflow
29 2008-1447 DNS cache poisoning issue

© 2001-2018 Internet Systems Consortium

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

  • There is no feedback for this article
Quick Jump Menu